Latest Posts

• Port Shadows via Network Alchemy: CVE-2021-3773

  September 8, 2021 — Benjamin Mixon-Baca and Jedidiah R. Crandall

  A discussion of port shadowing, VPN NAT behavior, and how Netfilter behavior can enable denial-of-service, deanonymization, and traffic redirection attacks.

• Blind In/On-Path Attacks and Applications to VPNs

  July 4, 2021 — William J. Tolley, Beau Kujath, Taha Khan, Narseo Vallina-Rodriguez, Jedidiah R. Crandall

  A summary of our USENIX Security 2021 paper presenting client-side and server-side blind in/on-path attacks against VPN tunnels, including connection inference, traffic interference, and tunneled DNS hijacking.

• Blind In/On-Path Attack Disclosure FAQ

  August 12, 2020 — Jedidiah R. Crandall, Beau Kujath, William J. Tolley

  A disclosure FAQ explaining the server-side blind in/on-path VPN attack, how it differs from CVE-2019-14899, why common mitigations such as reverse path filtering do not stop it, and how in-path routers can still exploit VPN tunnel behavior.

• Vintage Protocol Nonsense: Annoying the TCP Stack to Uncover Tunneled VPN Connections

  May 25, 2020 — William J. Tolley, Beau Kujath, Taha Khan, Narseo Vallina-Rodriguez, Jedidiah R. Crandall

  An in-depth explanation of the VPN tunnel inference and injection vulnerabilities disclosed as CVE-2019-9461 and CVE-2019-14899, including the threat model, attack phases, vendor responses, and practical mitigations.